diff --git a/src/security/audit-extra.sync.test.ts b/src/security/audit-extra.sync.test.ts
index 88d374f2f..3961abe46 100644
--- a/src/security/audit-extra.sync.test.ts
+++ b/src/security/audit-extra.sync.test.ts
@@ -1,6 +1,7 @@
 import { describe, expect, it } from "vitest";
 import type { OpenClawConfig } from "../config/config.js";
 import { collectAttackSurfaceSummaryFindings } from "./audit-extra.sync.js";
+import { safeEqualSecret } from "./secret-equal.js";
 
 describe("collectAttackSurfaceSummaryFindings", () => {
 it("distinguishes external webhooks from internal hooks when only internal hooks are enabled", () => {
@@ -32,3 +33,23 @@ describe("collectAttackSurfaceSummaryFindings", () => {
 expect(finding.detail).toContain("hooks.internal: disabled");
 });
 });
+
+describe("safeEqualSecret", () => {
+ it("matches identical secrets", () => {
+ expect(safeEqualSecret("secret-token", "secret-token")).toBe(true);
+ });
+
+ it("rejects mismatched secrets", () => {
+ expect(safeEqualSecret("secret-token", "secret-tokEn")).toBe(false);
+ });
+
+ it("rejects different-length secrets", () => {
+ expect(safeEqualSecret("short", "much-longer")).toBe(false);
+ });
+
+ it("rejects missing values", () => {
+ expect(safeEqualSecret(undefined, "secret")).toBe(false);
+ expect(safeEqualSecret("secret", undefined)).toBe(false);
+ expect(safeEqualSecret(null, "secret")).toBe(false);
+ });
+});
diff --git a/src/security/secret-equal.test.ts b/src/security/secret-equal.test.ts
deleted file mode 100644
index e6c30e354..000000000
--- a/src/security/secret-equal.test.ts
+++ /dev/null
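Review bot: The `rejects missing values` case in the added `safeEqualSecret` suite of `audit-extra.sync.test.ts` never exercises both arguments missing at once, nor a `null` second argument. Those are the inputs where a secret comparison can fail open when no secret is configured. Assuming the helper is meant to reject every missing value, add `expect(safeEqualSecret(undefined, undefined)).toBe(false);` and `expect(safeEqualSecret("secret", null)).toBe(false);`. Separately, with `secret-equal.test.ts` deleted these tests now sit in a file named for an unrelated module, so a one-line comment above the `describe` such as `// safeEqualSecret coverage lives here since secret-equal.test.ts was removed` would keep them discoverable.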
@@ -1,22 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { safeEqualSecret } from "./secret-equal.js";
-
-describe("safeEqualSecret", () => {
- it("matches identical secrets", () => {
- expect(safeEqualSecret("secret-token", "secret-token")).toBe(true);
- });
-
- it("rejects mismatched secrets", () => {
- expect(safeEqualSecret("secret-token", "secret-tokEn")).toBe(false);
- });
-
- it("rejects different-length secrets", () => {
- expect(safeEqualSecret("short", "much-longer")).toBe(false);
- });
-
- it("rejects missing values", () => {
- expect(safeEqualSecret(undefined, "secret")).toBe(false);
- expect(safeEqualSecret("secret", undefined)).toBe(false);
- expect(safeEqualSecret(null, "secret")).toBe(false);
- });
-});